Updates made on NSIDC Fork

[mikedorfman]

We're working to get from our fork back to the asfadmin/CIRRUS-core baseline. These are a few of the smaller changes we had made on our fork. These changes should not result in changed default behavior. The changes include:

• Adding urs_tea_client_id and urs_tea_client_password to specify alternative client id and password for use in TEA. If not specified, this defaults to urs_client_password/id variables.
• Adding optional ecs_include_docker_cleanup_cronjob, which defaults to False
• Fixing the value of report_granules_sns_topic_arn, updating it from module.cumulus.report_executions_sns_topic_arn to module.cumulus.report_granules_sns_topic_arn.
• Adding {DAR = "YES"} to the list of tags passed into TEA for use in the buckets created by this module
• Updated TEA bucket map so we do not redeploy the bucket map file if the file name is specified.

[lindsleycj]

Other than the DAR question, I'm fine with this PR

[lindsleycj]

Does TEA create a bucket? I'm not sure why this is needed.

[reweeden]

Yes, the TEA terraform module creates a bucket for the lambda source code zip, dependency layer zip, and CloudFormation.

We are in the process of releasing a new version of TEA that adds the DAR tag to the bucket: https://github.com/asfadmin/thin-egress-app/releases/tag/tea-release.2.0.1

I think it would be better to update the version of TEA rather than pass the tags in like this, because doing it this way will also tag the CloudFormation stack with the DAR tag meaning it will tag every resource (lambdas, queues, API gateways, etc) with the DAR tag.

[mikedorfman]

Good to know - agreed, it is better to update in TEA than to include this tag with everything in the TEA stack. I'll remove this from the PR given that this work is ongoing.

[reweeden]

Most of it looks good, I just don't understand why we might need 2 different URS clients.

[reweeden]

Nice

[mckadesorensen]

Great catch!

[reweeden]

Can we move these down to where the other TEA variables are?

[reweeden]

Maybe add a description saying that they will default to the non-tea version of the variables?

[mikedorfman]

Good call - done in the next commit.

[reweeden]

Could you explain to me the use case for having different URS clients for TEA and cumulus?

[mikedorfman]

Good question! This update predates my time at NSIDC, but I believe this is because the dashboard (corresponding to the urs_client_id/password) and the TEA (corresponding to the urs_tea_client_id/password) are two separate EDL applications that have different IDs and passwords.

[reweeden]

Maybe clarify that it's coming from the daac module instead something like this:

Suggested change

	# If bucket_map_key is set, we already have a bucket map on S3 and don't need to create one
	# If bucket_map_key is set, the daac module already created one and we can skip creation here

[mikedorfman]

Good call - updated on the next commit.

[reweeden]

At ASF we just changed the key that the daac module uploads the bucket map to so that it doesn't conflict with the core bucket map and then we just ignore the core bucket map. But it's probably less confusing for core to just skip creating that extraneous bucket map all together.

[mikedorfman]

I see - this makes sense and is good to know!